
not-a-virus heur adware script generic - can you help?

Polak13pl 07 Jun 2018 14:40 252 2
  • #1 07 Jun 2018 14:40
    Polak13pl
    Level 2  

    Hello. As in the title: Kaspersky Antivirus pops up a message that it blocked the download of not a virus adware script generic, along with some website address. BETTER NOT CLICK IT. Edit (I removed the link because I could not post the topic). How do I get rid of this thing? Windows 7 Home Premium 64-bit Service Pack 1, FRST below.

    0 2
  • #2 07 Jun 2018 22:20
    RADU23
    Moderator - Computer Service

    Open Notepad and paste the following content:

    Quote:
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: {589866fd-456b-11e8-8bee-d027881e52b4} - F:\autorun.exe
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: {749ae62b-d71d-11e5-a3bd-a9955758421b} - H:\AutoRun.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.pl/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Brak nazwy -> {eae1e35c-bdd4-49aa-adc9-e82496f88370} -> Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    U1 aswbdisk; Brak ImagePath


    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    After that, run scans with MBAM and ADWcleaner and remove whatever they detect =>
    https://www.malwarebytes.org/dl-confirm/
    http://www.bleepingcomputer.com/download/adwcleaner/

    0
  • Helpful post
    #3 08 Jun 2018 00:05
    dt1
    Moderator - Computer Service

    I think it is worth extending this fixlist a bit; my suggestion:

    Code:
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
    
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: {589866fd-456b-11e8-8bee-d027881e52b4} - F:\autorun.exe
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: {749ae62b-d71d-11e5-a3bd-a9955758421b} - H:\AutoRun.exe
    HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Games\TERROR~1\Data\LEVELS~2\Levels.scr
    URLSearchHook: HKLM-x32 - (Brak nazwy) - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - Brak pliku
    URLSearchHook: HKU\S-1-5-21-3069082019-2975524053-1918208989-1000 - (Brak nazwy) - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - Brak pliku
    BHO-x32: Brak nazwy -> {eae1e35c-bdd4-49aa-adc9-e82496f88370} -> Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    U1 aswbdisk; Brak ImagePath
    S1 uxwvhfyu; \??\C:\Windows\system32\drivers\uxwvhfyu.sys [X]
    S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Łukasz\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers1_S-1-5-21-3069082019-2975524053-1918208989-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} =>  -> Brak pliku
    ContextMenuHandlers4_S-1-5-21-3069082019-2975524053-1918208989-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} =>  -> Brak pliku
    ContextMenuHandlers5_S-1-5-21-3069082019-2975524053-1918208989-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} =>  -> Brak pliku
    Task: {247B8E66-101B-4A14-B1C9-0EC5565339BC} - System32\Tasks\{9D4DC6C6-1037-41B0-8210-A64C59F4B5BC} => C:\Program Files (x86)\The Game Creators\FPS Creator Free\FPSCreator.exe
    Task: {24F0158E-45B7-49AC-95DD-4BE94D221B3C} - System32\Tasks\{D5373167-5E41-4516-9895-1E370FDD4793} => C:\Program Files (x86)\Firefly Studios\Castle Attack 2\CastleAttack.exe
    Task: {2D352980-F404-45B8-A912-6C4543765015} - System32\Tasks\{C70D9406-0DD1-41B7-93A8-26030DC64D83} => C:\Users\Łukasz\Desktop\Minecraft by Zyczu.exe
    Task: {35EDAFEA-8FF7-4B23-BD7B-C52DF59B96AF} - System32\Tasks\{ABCCE066-E416-44CA-9C75-FB960174E725} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
    Task: {4C8A37C4-9A51-42C3-93F0-B2EEF79A5796} - System32\Tasks\{B4990BBB-D1E1-4E7D-B429-4E93BD141AF8} => E:\V1.05b_Raft_Win32\V1.05b_Raft_Wind32.exe
    Task: {4E6BBD37-D615-4DF7-83A7-B79DCB987ED3} - System32\Tasks\{92C6EA50-A217-430E-B68C-919DA6708040} => C:\games\car mechanic simulator 2015\cms2015_Loader.exe
    Task: {57620902-6A32-4FE8-9A10-E53D725ACF26} - System32\Tasks\{AAE3E4F1-EB5F-4AB2-BFCB-494ED9911CA8} => E:\V1.05b_Raft_Win32\V1.05b_Raft_Wind32.exe
    Task: {707B65A3-7D16-4873-B6FD-A5E794C96AFF} - System32\Tasks\{F89A8CFF-C7B0-4F06-B5BD-FFDB80C31C4B} => C:\games\car mechanic simulator 2015\cms2015_Loader.exe
    Task: {755DD793-FE8A-4577-B670-DF2FB212EFB7} - System32\Tasks\{863A1433-936D-494D-81D1-DDE128DA732B} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
    Task: {7CBB2667-27D8-4357-B36A-1591B45BC7FE} - System32\Tasks\{10A91CE7-3FF6-40B5-837C-0100D5AE8866} => C:\Windows\system32\pcalua.exe -a E:\mortyr3setup.exe -d E:\
    Task: {817E9AD6-F9D0-44BD-AE54-545670364492} - System32\Tasks\{F235973D-4EA4-420F-BACE-CC882FE7A033} => C:\Users\Łukasz\Desktop\Minecraft by Zyczu.exe
    Task: {85894450-9C87-4C9E-BFAC-27F33B038751} - System32\Tasks\{CFB5798B-75A0-4D3D-8110-987E5C617453} => E:\V1.05b_Raft_Win32\V1.05b_Raft_Wind32.exe
    Task: {87C3AFD1-E553-4268-9916-74A02F3447BF} - System32\Tasks\{8029A874-0913-452F-8FF7-53AB039B3492} => C:\games\car mechanic simulator 2015\cms2015_Loader.exe
    Task: {883694F6-2116-4DDF-94AA-8AF7F5EB8488} - System32\Tasks\VIPRE Spectre CPU Flow Fix Task v3 => C:\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions\patch0109.exe [2018-01-11] (VIPRE Security)
    Task: {97F8B56D-2DE7-4F99-9AC6-82C8B5FD42F9} - System32\Tasks\{1888546D-E857-4FA2-8EDC-E2520CBA1088} => E:\V1.05b_Raft_Win32\V1.05b_Raft_Wind32.exe
    Task: {A13D3476-9D8C-4D80-A202-CAC2747BDF29} - System32\Tasks\{600A9D07-53E4-4EBF-80CD-9ED79B804F92} => C:\Windows\system32\pcalua.exe -a "I:\Install TomTom HOME.exe" -d I:\
    Task: {AA27772B-2D20-47E9-8A91-8D35D67D8AEA} - System32\Tasks\Norton Security Scan for Łukasz => C:\PROGRA~2\NORTON~2\Engine\461~1.150\Nss.exe
    Task: {B97EA2F5-C530-4CC8-861B-A6869303DF9A} - System32\Tasks\{D6FB3F17-1255-4342-A692-CADBE3821123} => C:\Games\Car Mechanic Simulator 2015\cms2015_Loader.exe
    Task: {BC36E984-D2C9-47C1-BF32-7B2F5A7B70CE} - System32\Tasks\{F4A95530-B7A6-457B-94B1-164F85F7770C} => C:\Games\Car Mechanic Simulator 2015\cms2015_Loader.exe
    Task: {C291F13D-B942-43A9-8D35-C49B5F10A575} - System32\Tasks\{C07B483C-A6AC-426E-9539-86D099939867} => C:\Games\Car Mechanic Simulator 2015\cms2015_Loader.exe
    Task: {D0F75533-338E-449C-B0ED-333C5A309F55} - System32\Tasks\{1A635094-3A4C-470F-B2B7-3FAF08C99830} => C:\games\car mechanic simulator 2015\cms2015_Loader.exe
    Task: {DF485147-9B33-49C1-890E-9EB86307BEDD} - System32\Tasks\{A2A8C78A-01C8-444F-99EC-E8018BCBB6F5} => C:\Windows\system32\pcalua.exe -a C:\Users\Łukasz\Downloads\nox_setup_v6.1.0.1_full_intl.exe -d C:\Users\Łukasz\Downloads
    Task: {E8C3AFB5-8470-4036-8A20-0DD9B879997C} - System32\Tasks\{3DBA01B2-63C3-4113-85C2-BA40C404B0C5} => C:\Games\Car Mechanic Simulator 2015\cms2015_Loader.exe
    Task: {EA07585F-9746-4E73-BE28-FAA5F0229AB6} - System32\Tasks\{94416947-6927-4B46-9083-E9FEA1F8CA15} => C:\games\car mechanic simulator 2015\cms2015_Loader.exe
    Task: {F0CD899A-BBFB-4F41-9AFF-64017EC16D95} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
    Task: {F16133C8-9942-4DB3-A49A-3C9CBD1EAD4E} - System32\Tasks\VIPRE Spectre CPU Flow Fix Task Once => C:\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions\patch0109.exe [2018-01-11] (VIPRE Security)
    Task: {F8E35EF5-91D2-4B48-B680-5E9AB275CFA4} - System32\Tasks\{8881BAAA-C078-4881-A0AD-DE141AE9DC68} => C:\Games\Car Mechanic Simulator 2015\cms2015_Loader.exe
    Task: {FA6D9E1D-8684-4889-AABE-E1C7666B419F} - System32\Tasks\{948B7557-D575-4E39-B2EB-60CBAB1B0D4A} => C:\Windows\system32\pcalua.exe -a C:\Users\Łukasz\Downloads\rescue2usb.exe -d C:\Users\Łukasz\Downloads
    Task: {FB00CFD2-8EE8-4BDE-B6CB-DDFF5778E3BB} - System32\Tasks\{2F95A3BB-02D6-4C5A-99B3-AB94B279D259} => E:\V1.05b_Raft_Win32\V1.05b_Raft_Wind32.exe
    Task: {FDAC36D6-6BA3-4D55-851C-329BBE2A59B8} - System32\Tasks\{CD59B252-B5EA-4D8A-8A79-2872F6F7D732} => E:\V1.05b_Raft_Win32\V1.05b_Raft_Wind32.exe
    EmptyTemp:


    In addition, there are traces of Avast leftovers; it is worth running https://files.avast.com/iavs9x/avastclear.exe and removing the Avast remnants.

    0
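An added example, not part of the thread and not FRST's own code: a small Python triage that sorts fixlist lines by why they are on the list, so that entries without a missing-target marker get read before Fix is run. The category names, and the reading of `Brak pliku`, `Brak ImagePath` and a trailing `[X]` as missing-target markers in this Polish-locale log, are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the fixlists posted in this thread.
SAMPLE = r"""
HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\MountPoints2: F - F:\autorun.exe
BHO-x32: Brak nazwy -> {eae1e35c-bdd4-49aa-adc9-e82496f88370} -> Brak pliku
S1 uxwvhfyu; \??\C:\Windows\system32\drivers\uxwvhfyu.sys [X]
U1 aswbdisk; Brak ImagePath
Task: {35EDAFEA-8FF7-4B23-BD7B-C52DF59B96AF} - System32\Tasks\{ABCCE066-E416-44CA-9C75-FB960174E725} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {F0CD899A-BBFB-4F41-9AFF-64017EC16D95} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3069082019-2975524053-1918208989-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
EmptyTemp:
"""

# Hypothetical categories, checked in order; the first matching rule wins.
RULES = [
    # A bare keyword followed by a colon, e.g. EmptyTemp:
    ("directive", re.compile(r"^[A-Za-z]+:\s*$")),
    # Cached autorun handler recorded for a drive letter or volume GUID.
    ("autorun_cache", re.compile(r"\\MountPoints2: ")),
    # The log itself says the target is missing (assumed marker strings).
    ("orphaned", re.compile(r"Brak pliku|Brak ImagePath|\[X\]$")),
    # Scheduled task whose name is a bare GUID rather than a product name.
    ("guid_named_task", re.compile(
        r"^Task: \{[0-9A-F-]{36}\} - System32\\Tasks\\\{[0-9A-F-]{36}\} => ")),
]

def classify(line):
    """Return the category of one fixlist line, or 'review' if no rule explains it."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "review"

def triage(text):
    """Group the non-empty lines of a fixlist by category."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            groups[classify(line)].append(line)
    return dict(groups)

if __name__ == "__main__":
    for category, lines in triage(SAMPLE).items():
        print(f"{category}: {len(lines)}")
    for line in triage(SAMPLE).get("review", []):
        print("READ BEFORE FIX:", line)
```

Lines that land in `review` point at a target the log does not mark as missing, so removing them is a judgement call about installed software rather than cleanup of a dead reference.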